airavata-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From scnakand...@apache.org
Subject [3/7] airavata git commit: adding grouper client code to airavata
Date Thu, 07 Jul 2016 03:47:53 GMT
http://git-wip-us.apache.org/repos/asf/airavata/blob/4766b37c/modules/group-manager/src/main/resources/grouper.client.base.properties
----------------------------------------------------------------------
diff --git a/modules/group-manager/src/main/resources/grouper.client.base.properties b/modules/group-manager/src/main/resources/grouper.client.base.properties
new file mode 100755
index 0000000..cf78604
--- /dev/null
+++ b/modules/group-manager/src/main/resources/grouper.client.base.properties
@@ -0,0 +1,552 @@
+#
+# Copyright 2014 Internet2
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+#
+# Grouper client configuration
+# $Id: grouper.client.base.properties,v 1.24 2009-12-30 04:23:02 mchyzer Exp $
+#
+
+# The grouper client uses Grouper Configuration Overlays (documented on wiki)
+# By default the configuration is read from grouper.client.base.properties
+# (which should not be edited), and the grouper.client.properties overlays
+# the base settings.  See the grouper.client.base.properties for the possible
+# settings that can be applied to the grouper.client.properties
+
+########################################
+## LDAP connection settings
+########################################
+
+# url of directory, including the base DN (distinguished name)
+# e.g. ldap://server.school.edu/dc=school,dc=edu
+# e.g. ldaps://server.school.edu/dc=school,dc=edu
+grouperClient.ldap.url = 
+
+# kerberos principal used to connect to ldap
+grouperClient.ldap.login = 
+
+# password for shared secret authentication to ldap
+# or you can put a filename with an encrypted password
+grouperClient.ldap.password = 
+
+########################################
+## Web service Connection settings
+########################################
+
+# url of web service, should include everything up to the first resource to access
+# e.g. http://groups.school.edu:8090/grouper-ws/servicesRest
+# e.g. https://groups.school.edu/grouper-ws/servicesRest
+grouperClient.webService.url = 
+
+# kerberos principal used to connect to web service
+grouperClient.webService.login = 
+
+# password for shared secret authentication to web service
+# or you can put a filename with an encrypted password
+grouperClient.webService.password = 
+
+########################################
+## Config chaining hierarchy
+########################################
+
+# comma separated config files that override each other (files on the right override the left)
+# each should start with file: or classpath:
+# e.g. classpath:grouper.client.example.properties, file:c:/something/myconfig.properties
+grouperClient.config.hierarchy = classpath:grouper.client.base.properties, classpath:grouper.client.properties
+
+# seconds between checking to see if the config files are updated
+grouperClient.config.secondsBetweenUpdateChecks = 60
+
+########################################
+## Misc settings
+########################################
+
+# path of a writable directory where files can be created or stored
+# for example, cache of discovery configuration, or failover state
+# dot is the current directory...  note, this directory must exist
+# or it will be created (attempted)
+# if this is blank, none of these features will be used, and 
+# no files will be saved
+grouperClient.cacheDirectory = .
+
+########################################
+## Encrypted password settings
+########################################
+
+# Put a random alphanumeric string (Case sensitive) for the password encryption.  e.g. fh43IRJ4Nf5
+# or put a filename where the random alphanumeric string is.  
+# e.g. c:/whatever/key.txt
+# e.g. sdfklj24lkj34lk34
+encrypt.key = 
+
+# set this to true if you have slashes in your passwords and dont want to look in external files or unencrypt
+encrypt.disableExternalFileLookup = false 
+
+# pre grouper 2.0, the client encrypted passwords differently than the server.  Now that the client is part of the server,
+# there are more reasons to be consistent.  Change to false for pre-2.0 password encryption behavior
+encrypt.encryptLikeServer = true
+
+########################################
+## Logging
+########################################
+
+# For java.util.logging, only for the grouperClient package (not below)
+# from java java.util.logging.Level class: ALL, CONFIG, FINE, FINER, FINEST, OFF, SEVERE, WARNING 
+grouperClient.logging.grouperClientOnly.logLevel = WARNING
+
+# If you are not using log4j (will use java.util.logging, you can turn logging on which will go to stderr 
+# (if no file specified below).  This is default log level
+# from java java.util.logging.Level class: ALL, CONFIG, FINE, FINER, FINEST, OFF, SEVERE, WARNING 
+grouperClient.logging.logLevel = WARNING
+
+# If you dont want the logging to go to stderr, then put a log file location here: e.g. f:/temp/grouperClient.log
+grouperClient.logging.logFile = 
+
+# if you want ws requests and responses being logged to files, put the directory here.  
+# The grouper client will create subdirs
+grouperClient.logging.webService.documentDir = 
+
+# try to indent the xml.  If this fails for some reason, or you want the raw xml, 
+# set to false
+grouperClient.logging.webService.indent = true
+
+# if the masked password should be logged (if false, dont log anything about password)
+# the masked password will show how many chars the password is (helpful for diagnosing 
+# password encryption issues)
+grouperClient.logging.logMaskedPassword = false
+
+########################################
+## Service discovery settings
+########################################
+
+# number of minutes to remember that a connection had errors
+grouperClient.minutesToKeepErrors = 2
+
+# if you are using a discovery service, but a discovery properties
+# at a URL (preferably SSL with valid certificate)
+# you should have multiple discovery URLs hosted at independent locations
+# to add more, increment the integer
+grouperClient.urlOfDiscovery.0 = 
+grouperClient.urlOfDiscovery.1 = 
+
+# if your app has a slow startup time, and the initial connections are timing out
+# esp if you arent just using the command line client (e.g. if using it as a jar), 
+# then add more time here
+grouperClient.secondsForClassesToLoad = 20
+
+# this will save the failover state to a file so if the JVM is stopped, it 
+# will be there when it starts again.  
+# Set to 0 to store on every use (recommended if used command line)
+# or set to -1 to not store or read ever
+# grouperClient.cacheDirectory must be set
+grouperClient.saveFailoverStateEverySeconds = 60
+
+# if the failover client should use threads.  If it doesnt then you cant detect timeouts
+grouperClient.failoverClientUseThreads = true
+
+# this will cache the discovery properties in memory or on disk
+# if you want to cache the discovery properties locally, put a directory here:
+# this is recommended especially if you are using the grouper client as a command
+# line application and the process is constantly restarting
+# note, this will be used for a failsafe cache if all discovery servers are unavailable
+# grouperClient.cacheDirectory must be set
+# set to 0 or -1 to not cache
+grouperClient.cacheDiscoveryPropertiesForSeconds = 120
+
+# this is the path in the discovery server there the grouper.client.discovery.properties is
+grouperClient.discoveryGrouperClientPropertiesDirectory = 
+
+####
+## Below here are default values and override values for the discovery 
+## properties at your institution.  Note: if the override keys are there
+## with no value then it will blank out the discovery service value
+####
+
+# default urls of directory, including the base DN (distinguished name)
+# add more properties and increment the integer (.1, .2, etc)
+# e.g. ldap://server.school.edu/dc=school,dc=edu
+# e.g. ldaps://server.school.edu/dc=school,dc=edu
+grouperClient.discoveryDefault.ldap.0.url = 
+#grouperClient.discoveryOverride.ldap.0.url = 
+
+# default active/active or active/standby
+# active/active will pick a server randomly,
+# and will stick with it for as long as the affinity is set
+# active/standby will always use the first connection 
+# if no errors, then try the second one etc.
+# if a connection has more errors and has a higher priority,
+# then it will not be tried again until the 
+# takeConnectionOutOfPoolOnErrorForSeconds timeout
+# passes
+grouperClient.discoveryDefault.ldap.loadBalancing = active/active
+#grouperClient.discoveryOverride.ldap.loadBalancing = active/active
+
+# if we are active/active, then the same connection will
+# be used for a certain number of seconds.  If this is -1, then 
+# always keep the same server (unless errors)
+grouperClient.discoveryDefault.ldap.affinitySeconds = 28800
+#grouperClient.discoveryOverride.ldap.affinitySeconds = 28800
+
+# if a connection has more errors than another, it will not be
+# used until this error timeout passes (unless the other is throwing errors
+# too)
+grouperClient.discoveryDefault.ldap.lowerConnectionPriorityOnErrorForMinutes = 3
+#grouperClient.discoveryOverride.ldap.lowerConnectionPriorityOnErrorForMinutes = 3
+
+# when a connection is attempted, this is the timeout that it will use before trying
+# another connection
+grouperClient.discoveryDefault.ldap.timeoutSeconds = 30
+#grouperClient.discoveryOverride.ldap.timeoutSeconds = 30
+
+# after all connections have been attempted, it will wait for this long
+# to see if any finish
+grouperClient.discoveryDefault.ldap.extraTimeoutSeconds = 15
+#grouperClient.discoveryOverride.ldap.extraTimeoutSeconds = 15
+
+# urls of web service, should include everything up to the first resource to access
+# this is for read or write operations
+# add more properties and increment the integer (.1, .2, etc)
+# e.g. http://groups.school.edu:8090/grouper-ws/servicesRest
+# e.g. https://groups.school.edu/grouper-ws/servicesRest
+grouperClient.discoveryDefault.webService.readWrite.0.url = 
+#grouperClient.discoveryOverride.webService.readWrite.0.url = 
+
+# url of web service, should include everything up to the first resource to access
+# this is for only read operations
+# add more properties and increment the integer (.1, .2, etc)
+# e.g. http://groups.school.edu:8090/grouper-ws/servicesRest
+# e.g. https://groups.school.edu/grouper-ws/servicesRest
+grouperClient.discoveryDefault.webService.readOnly.0.url = 
+#grouperClient.discoveryOverride.webService.readOnly.0.url = 
+
+# active/active or active/standby
+# active/active will pick a server randomly,
+# and will stick with it for as long as the affinity is set
+# active/standby will always use the first connection 
+# if no errors, then try the second one etc.
+# if a connection has more errors and has a higher priority,
+# then it will not be tried again until the 
+# takeConnectionOutOfPoolOnErrorForSeconds timeout
+# passes
+grouperClient.discoveryDefault.webService.loadBalancing = active/active
+#grouperClient.discoveryOverride.webService.loadBalancing = active/active
+
+# if you want to always try read/write before readOnly (i.e. if you are
+# worried about if you make a write and read right after each other)
+grouperClient.discoveryDefault.webService.preferReadWrite = true
+#grouperClient.discoveryOverride.webService.preferReadWrite = true
+
+# if we are active/active, then the same connection will
+# be used for a certain number of seconds.  If this is -1, then 
+# always keep the same server (unless errors)
+grouperClient.discoveryDefault.webService.affinitySeconds = 28800
+#grouperClient.discoveryOverride.webService.affinitySeconds = 28800
+
+# if a connection has more errors than another, it will not be
+# used until this error timeout passes (unless the other is throwing errors
+# too)
+grouperClient.discoveryDefault.webService.lowerConnectionPriorityOnErrorForMinutes = 3
+#grouperClient.discoveryOverride.webService.lowerConnectionPriorityOnErrorForMinutes = 3
+
+# when a connection is attempted, this is the timeout that it will use before trying
+# another connection
+grouperClient.discoveryDefault.webService.timeoutSeconds = 60
+#grouperClient.discoveryOverride.webService.timeoutSeconds = 60
+
+# after all connections have been attempted, it will wait for this long
+# to see if any finish
+grouperClient.discoveryDefault.webService.extraTimeoutSeconds = 30
+#grouperClient.discoveryOverride.webService.extraTimeoutSeconds = 30
+
+
+
+####################################################################################
+####################################################################################
+#### Institutional and advanced settings
+####################################################################################
+####################################################################################
+
+#######################################
+## output templates
+#######################################
+
+webService.addMember.output = Index ${index}: success: ${resultMetadata.success}: code: ${resultMetadata.resultCode}: ${wsSubject.id}$newline$
+webService.getMembers.output = GroupIndex ${groupIndex}: success: ${resultMetadata.success}: code: ${resultMetadata.resultCode}: group: ${wsGroup.name}: subjectIndex: ${subjectIndex}: ${wsSubject.id}$newline$
+webService.deleteMember.output = Index ${index}: success: ${resultMetadata.success}: code: ${resultMetadata.resultCode}: ${wsSubject.id}$newline$
+webService.hasMember.output = Index ${index}: success: ${resultMetadata.success}: code: ${resultMetadata.resultCode}: ${wsSubject.id}: ${hasMember}$newline$
+webService.getGroups.output = SubjectIndex ${subjectIndex}: success: ${resultMetadata.success}: code: ${resultMetadata.resultCode}: subject: ${wsSubject.id}: groupIndex: ${groupIndex}: ${wsGroup.name}$newline$
+webService.groupSave.output = Success: ${resultMetadata.success}: code: ${resultMetadata.resultCode}: ${wsGroup.name}$newline$
+webService.stemSave.output = Success: ${resultMetadata.success}: code: ${resultMetadata.resultCode}: ${wsStem.name}$newline$
+webService.groupDelete.output = Index ${index}: success: ${resultMetadata.success}: code: ${resultMetadata.resultCode}: ${wsGroup.name}$newline$
+webService.stemDelete.output = Index ${index}: success: ${resultMetadata.success}: code: ${resultMetadata.resultCode}: ${wsStem.name}$newline$
+webService.getGrouperPrivilegesLite.output = Index ${index}: success: ${resultMetadata.success}: code: ${resultMetadata.resultCode}: ${objectType}: ${objectName}: subject: ${wsSubject.id}: ${wsGrouperPrivilegeResult.privilegeType}: ${wsGrouperPrivilegeResult.privilegeName}$newline$
+webService.assignGrouperPrivileges.output = Index: ${index}, success: ${resultMetadata.success}, code: ${resultMetadata.resultCode}, ${objectType}: ${objectName}, subject: ${wsSubject.id}, ${wsAssignGrouperPrivilegesResult.privilegeType}: ${wsAssignGrouperPrivilegesResult.privilegeName}$newline$
+webService.assignGrouperPrivilegesLite.output = Success: ${resultMetadata.success}: code: ${resultMetadata.resultCode}: ${objectType}: ${objectName}: subject: ${wsSubject.id}: ${wsAssignGrouperPrivilegesLiteResult.privilegeType}: ${wsAssignGrouperPrivilegesLiteResult.privilegeName}$newline$
+webService.findGroups.output = Index ${index}: name: ${wsGroup.name}, displayName: ${wsGroup.displayName}$newline$
+webService.findStems.output = Index ${index}: name: ${wsStem.name}, displayName: ${wsStem.displayName}$newline$
+webService.memberChangeSubject.output = Success: ${resultMetadata.success}: code: ${resultMetadata.resultCode}: oldSubject: ${wsSubjectOld.id}, newSubject: ${wsSubjectNew.id}$newline$
+webService.getMemberships.output = Index: ${index}: ${type}: ${ownerName}, subject: ${wsSubject.id}, list: ${wsMembership.listName}, type: ${wsMembership.membershipType}, enabled: ${wsMembership.enabled}$newline$
+webService.getSubjects.output = Index: ${index}: success: ${success}, code: ${wsSubject.resultCode}, subject: ${wsSubject.id}$newline$
+webService.getAttributeAssignments.output = Index: ${index}: attributeAssignType: ${wsAttributeAssign.attributeAssignType}, owner: ${ownerName}, attributeDefNameName: ${wsAttributeDefName.name}, action: ${wsAttributeAssign.attributeAssignActionName}, values: ${valuesString}, enabled: ${wsAttributeAssign.enabled}, id: ${wsAttributeAssign.id}$newline$
+webService.getAttributeAssignActions.output = Index: ${index}: nameOfAttributeDef: ${wsAttributeAssignActionTuple.nameOfAttributeDef}, action: ${wsAttributeAssignActionTuple.action}$newline$
+webService.assignAttributes.output = Index: ${index}: attributeAssignType: ${wsAttributeAssign.attributeAssignType}, owner: ${ownerName}, attributeDefNameName: ${wsAttributeDefName.name}, action: ${wsAttributeAssign.attributeAssignActionName}, values: ${valuesString}, enabled: ${wsAttributeAssign.enabled}, id: ${wsAttributeAssign.id}, changed: ${wsAssignAttributeResult.changed}, deleted: ${wsAssignAttributeResult.deleted}, valuesChanged: ${wsAssignAttributeResult.valuesChanged}$newline$
+webService.assignAttributesBatch.output = Index: ${assignIndex}, itemIndex: ${assignItemIndex}: attributeAssignType: ${wsAttributeAssign.attributeAssignType}, owner: ${ownerName}, attributeDefNameName: ${wsAttributeDefName.name}, action: ${wsAttributeAssign.attributeAssignActionName}, values: ${valuesString}, enabled: ${wsAttributeAssign.enabled}, id: ${wsAttributeAssign.id}, changed: ${wsAssignAttributeBatchResult.changed}, deleted: ${wsAssignAttributeBatchResult.deleted}, valuesChanged: ${wsAssignAttributeBatchResult.valuesChanged}$newline$
+webService.getPermissionAssignments.output = Index: ${index}: permissionType: ${wsPermissionAssign.permissionType}, role: ${wsPermissionAssign.roleName}, subject: ${wsPermissionAssign.sourceId} - ${wsPermissionAssign.subjectId}, attributeDefNameName: ${wsPermissionAssign.attributeDefNameName}, action: ${wsPermissionAssign.action}, allowedOverall: ${wsPermissionAssign.allowedOverall}, enabled: ${wsPermissionAssign.enabled}$newline$
+webService.assignPermissions.output = Index: ${index}: permissionType: ${permissionType}, owner: ${ownerName}, permissionDefNameName: ${wsAttributeDefName.name}, action: ${wsAttributeAssign.attributeAssignActionName}, disallowed: ${wsAttributeAssign.disallowed}, enabled: ${wsAttributeAssign.enabled}, attributeAssignId: ${wsAttributeAssign.id}, changed: ${wsAssignPermissionResult.changed}, deleted: ${wsAssignPermissionResult.deleted}$newline$
+webService.assignAttributeDefNameInheritance.output = Success: ${resultMetadata.success}: code: ${resultMetadata.resultCode}, message: ${resultMetadata.resultMessage}$newline$
+webService.attributeDefNameSave.output = Success: ${resultMetadata.success}: code: ${resultMetadata.resultCode}: ${wsAttributeDefName.name}$newline$
+webService.attributeDefNameDelete.output = Index ${index}: success: ${resultMetadata.success}: code: ${resultMetadata.resultCode}: ${wsAttributeDefName.name}$newline$
+webService.findAttributeDefNames.output = Index ${index}: name: ${wsAttributeDefName.name}, displayName: ${wsAttributeDefName.displayName}$newline$
+webService.assignAttributeDefActions.output=Index ${index}: nameOfAttributeDef: ${nameOfAttributeDef}, action: ${actionWithOperation.action}, status: ${actionWithOperation.status}$newline$
+
+#######################################
+## ldap queries
+#######################################
+
+# operation name
+ldapSearchAttribute.operationName.0 = pennnameToPennid
+ldapSearchAttribute.ldapName.0 = ou=pennnames
+ldapSearchAttribute.matchingAttributes.0 = pennname
+ldapSearchAttribute.matchingAttributeLabels.0 = pennnameToDecode
+ldapSearchAttribute.returningAttributes.0 = pennid
+ldapSearchAttribute.outputTemplate.0 = pennid: ${pennid}
+ldapSearchAttribute.resultType.0 = STRING
+
+ldapSearchAttribute.operationName.1 = pennidToPennname
+ldapSearchAttribute.ldapName.1 = ou=pennnames
+ldapSearchAttribute.matchingAttributes.1 = pennid
+ldapSearchAttribute.matchingAttributeLabels.1 = pennidToDecode
+ldapSearchAttribute.returningAttributes.1 = pennname
+ldapSearchAttribute.outputTemplate.1 = pennname: ${pennname}
+ldapSearchAttribute.resultType.1 = STRING
+
+ldapSearchAttribute.operationName.2 = hasMemberLdap
+ldapSearchAttribute.ldapName.2 = ou=groups
+ldapSearchAttribute.matchingAttributes.2 = cn, hasMember
+ldapSearchAttribute.matchingAttributeLabels.2 = groupName, pennnameToCheck
+ldapSearchAttribute.returningAttributes.2 = cn
+ldapSearchAttribute.outputTemplate.2 = hasMember: ${resultBoolean}
+ldapSearchAttribute.resultType.2 = BOOLEAN
+
+ldapSearchAttribute.operationName.3 = getMembersLdap
+ldapSearchAttribute.ldapName.3 = ou=groups
+ldapSearchAttribute.matchingAttributes.3 = cn
+ldapSearchAttribute.matchingAttributeLabels.3 = groupName
+ldapSearchAttribute.returningAttributes.3 = hasMember
+ldapSearchAttribute.outputTemplate.3 = ${resultString}$newline$
+ldapSearchAttribute.resultType.3 = STRING_LIST
+
+########################################
+## Custom operations
+## Implement the interface ClientOperation, put it in the jar
+## Increment the int index for multiples (must be in order)
+########################################
+
+#customOperation.name.0 = cosignLikeWebsec
+#customOperation.class.0 = edu.upenn.isc.grouperClient.CosignLikeWebsecOperation
+
+
+########################################
+## Authentication settings
+########################################
+
+# user prefix
+grouperClient.ldap.user.prefix = uid=
+
+# user suffix
+grouperClient.ldap.user.suffix = ,ou=entities,dc=upenn,dc=edu
+
+# config name for the ldap user name between prefix and suffix
+grouperClient.ldap.user.label = login
+
+# config name for the webService user name between prefix and suffix
+grouperClient.webService.user.label = login
+
+########################################
+## Web service settings
+########################################
+
+# web service client version
+grouperClient.webService.client.version = v2_2_000
+
+# socket timeout
+grouperClient.webService.httpSocketTimeoutMillis = 90000
+
+# connection manager timeout
+grouperClient.webService.httpConnectionManagerTimeoutMillis = 90000
+
+# ignore extraneous xml fields from server (e.g. on server upgrade, when the client isnt upgraded)
+# if you dont ignore, and there is an extraneous field which is not omitted (below), then an exception 
+# will be thrown
+grouperClient.webService.ignoreExtraneousXmlFields = true
+
+# register fields to be ignored with xstream.  this is useful if you are not
+# ignoring extraneous fields (above), but know that there are a few to be ignored
+# place them here with fully qualified classname dont property name, comma separated
+# e.g. edu.internet2.middleware.grouperClient.ws.beans.WsResponseMeta.millis, edu.internet2.middleware.grouperClient.ws.beans.WsResponseMeta.millis2
+grouper.webService.omitXmlProperties = 
+
+########################################
+## Misc
+########################################
+
+# if there are extra command line args, should we fail or just log?
+grouperClient.failOnExtraCommandLineArgs = true
+
+# you can have aliases for subjectId and subjectIdentifer in command line args 
+# (though subjectId will still be allowed, but you cant pass both)
+# if this value is pennIds, then e.g. for addMemberWs, you can use --pennIds=123,234
+# instead of --subjectIds=123,345
+grouperClient.alias.subjectIds = 
+
+# if this value is pennKeys, then e.g. for addMemberWs, you can use --pennKeys=abc,bcd
+# instead of --subjectIdentifiers=abc,bcd
+grouperClient.alias.subjectIdentifiers = 
+
+# if this value is pennId, then e.g. for getGrouperPrivilegesLite, you can use --pennId=123
+# instead of --subjectId=123
+grouperClient.alias.subjectId = 
+
+# if this value is pennKey, then e.g. for getGrouperPrivilegesLite, you can use --pennKey=abc
+# instead of --subjectIdentifiers=abc
+grouperClient.alias.subjectIdentifier = 
+
+# if this value is PennId, then e.g. for addMemberWs, you can use --actAsPennId=123
+# instead of --actAsSubjectId=abc,bcd
+grouperClient.alias.SubjectId = 
+
+# if this value is PennKey, then e.g. for addMemberWs, you can use --actAsPennKey=abc
+# instead of --actAsSubjectIdentifier=abc
+grouperClient.alias.SubjectIdentifier = 
+
+# the encoding used to read config files
+grouperClient.config.encoding = UTF-8
+
+# this should probably be changed to UTF-8 for international charsets... for US it can be: ISO-8859-1
+grouperClient.default.fileEncoding = UTF-8
+
+# to not require valid SSL, use: edu.internet2.middleware.grouperClient.ssl.EasySslSocketFactory
+grouperClient.https.customSocketFactory = 
+
+# to not require valid SSL, use: edu.internet2.middleware.grouperClient.ssl.BlindSslSocketFactory
+grouperClient.ldaps.customSocketFactory = 
+
+
+##############################
+## Kuali Identity settings
+##############################
+
+kuali.identity.source.0 = jdbc
+kuali.identity.nameAttribute.0 = name
+kuali.identity.identifierAttribute.0 = loginid
+
+# separate a sourceId from a subjectId or sourceId
+kuali.identity.sourceSeparator = ::::
+
+
+########################################
+## JDBC settings
+########################################
+
+# default database connection name
+grouperClient.jdbc.defaultName = default
+
+# the part between jdbc. and the last . is the name of the connection, in this case "default"
+# e.g. mysql:           com.mysql.jdbc.Driver
+# e.g. p6spy (log sql): com.p6spy.engine.spy.P6SpyDriver
+#   for p6spy, put the underlying driver in spy.properties
+# e.g. oracle:          oracle.jdbc.driver.OracleDriver
+# e.g. hsqldb:          org.hsqldb.jdbcDriver
+# e.g. postgres:        org.postgresql.Driver
+# e.g. mssql:           com.microsoft.sqlserver.jdbc.SQLServerDriver
+grouperClient.jdbc.default.driver = oracle.jdbc.driver.OracleDriver
+
+# e.g. mysql:           jdbc:mysql://localhost:3306/grouper
+# e.g. p6spy (log sql): [use the URL that your DB requires]
+# e.g. oracle:          jdbc:oracle:thin:@server.school.edu:1521:sid
+# e.g. hsqldb (a):      jdbc:hsqldb:dist/run/grouper;create=true
+# e.g. hsqldb (b):      jdbc:hsqldb:hsql://localhost:9001/grouper
+# e.g. postgres:        jdbc:postgresql://localhost:5432/database
+# e.g. mssql:           jdbc:sqlserver://localhost:3280
+grouperClient.jdbc.default.url = jdbc:oracle:thin:@server.school.edu:1521:sid
+grouperClient.jdbc.default.user = some_schema
+grouperClient.jdbc.default.pass = abc123
+
+
+
+################################
+## AWS settings
+################################
+
+# sqs settings
+grouperClient.awsAccessKey = ABC123
+grouperClient.awsSecretKey = xyz789
+grouperClient.awsSqsQueueUrl = https://sqs.region.amazonaws.com/1234/queue_name
+
+
+################################
+## ESB settings
+################################
+
+## if you want to encrypt messages, set this to an implementation of edu.internet2.middleware.grouperClient.encryption.GcEncryptionInterface
+esb.consumer.encryptionImplementation = edu.internet2.middleware.grouperClient.encryption.GcSymmetricEncryptAesCbcPkcs5Padding
+## this is a key or could be encrypted in a file as well like other passwords
+## generate a key with: java -cp grouperClient.jar edu.internet2.middleware.grouperClient.encryption.GcGenerateKey 
+## number these if there are multiple
+#esb.consumer.encryptionKey.0 = abc123
+
+
+################################
+## XMPP client settings
+## Note: you need the smack.jar in your classpath, see the grouper xmpp wiki for usage
+## https://spaces.internet2.edu/display/Grouper/Grouper+XMPP+notifications+v1.6.0
+################################
+
+
+## general xmpp configuration
+grouperClient.xmpp.server.host = jabber.school.edu
+grouperClient.xmpp.server.port = 5222
+grouperClient.xmpp.user = username
+# note, pass can be in an external file with morphstring
+grouperClient.xmpp.pass = 
+grouperClient.xmpp.resource = grouperClient
+# note, you need the exact id and resource here or it wont match
+grouperClient.xmpp.trustedMessagesFromJabberIds = user@school.edu/resource, user2@school.edu/resource2
+
+# if true, then each quartz trigger name will be unique
+# do this for atlassian since it doesnt do quartz right, and wont delete or reuse old triggers
+grouperClient.xmpp.uniqueQuartzTriggerNames = false
+
+# if true, send this to smack, if we should debug.  not sure if it does anything
+grouperClient.xmpp.debuggerEnabled = false
+
+grouperClient.xmpp.job.myJobName.groupNames = test:xmppGroups:test1
+grouperClient.xmpp.job.myJobName.allowIncrementalNotInGroupNamesList = false
+grouperClient.xmpp.job.myJobName.handlerClass = edu.internet2.middleware.grouperClientExt.xmpp.GrouperClientXmppFileHandler
+# set this to reload_group or incremental if not reload on each event
+grouperClient.xmpp.job.myJobName.eventAction = incremental
+# how often a full refresh should occur regardless of events
+grouperClient.xmpp.job.myJobName.fullRefreshQuartzCronString = 0 0 5 * * ?
+grouperClient.xmpp.job.myJobName.fileHandler.targetFile = c:/temp/targetFile.txt
+grouperClient.xmpp.job.myJobName.fileHandler.filePrefix = c:/temp/filePrefix.txt
+grouperClient.xmpp.job.myJobName.fileHandler.iteratorEl = ${subject.attribute['pennname']}$space$
+grouperClient.xmpp.job.myJobName.fileHandler.fileSuffix = c:/temp/fileSuffix.txt
+grouperClient.xmpp.job.myJobName.subjectAttributeNames = pennname
+# subjects wont notify in not in these sources, comma separated, or blank for all
+grouperClient.xmpp.job.myJobName.requireSources = pennperson
+# subjects wont notify if they dont have a non blank value for these attributes, or blank for all
+grouperClient.xmpp.job.myJobName.requireAttributes = pennname
+
+

http://git-wip-us.apache.org/repos/asf/airavata/blob/4766b37c/modules/group-manager/src/main/resources/grouper.client.properties
----------------------------------------------------------------------
diff --git a/modules/group-manager/src/main/resources/grouper.client.properties b/modules/group-manager/src/main/resources/grouper.client.properties
new file mode 100755
index 0000000..cf78604
--- /dev/null
+++ b/modules/group-manager/src/main/resources/grouper.client.properties
@@ -0,0 +1,552 @@
+#
+# Copyright 2014 Internet2
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+#
+# Grouper client configuration
+# $Id: grouper.client.base.properties,v 1.24 2009-12-30 04:23:02 mchyzer Exp $
+#
+
+# The grouper client uses Grouper Configuration Overlays (documented on wiki)
+# By default the configuration is read from grouper.client.base.properties
+# (which should not be edited), and the grouper.client.properties overlays
+# the base settings.  See the grouper.client.base.properties for the possible
+# settings that can be applied to the grouper.client.properties
+
+########################################
+## LDAP connection settings
+########################################
+
+# url of directory, including the base DN (distinguished name)
+# e.g. ldap://server.school.edu/dc=school,dc=edu
+# e.g. ldaps://server.school.edu/dc=school,dc=edu
+grouperClient.ldap.url = 
+
+# kerberos principal used to connect to ldap
+grouperClient.ldap.login = 
+
+# password for shared secret authentication to ldap
+# or you can put a filename with an encrypted password
+grouperClient.ldap.password = 
+
+########################################
+## Web service Connection settings
+########################################
+
+# url of web service, should include everything up to the first resource to access
+# e.g. http://groups.school.edu:8090/grouper-ws/servicesRest
+# e.g. https://groups.school.edu/grouper-ws/servicesRest
+grouperClient.webService.url = 
+
+# kerberos principal used to connect to web service
+grouperClient.webService.login = 
+
+# password for shared secret authentication to web service
+# or you can put a filename with an encrypted password
+grouperClient.webService.password = 
+
+########################################
+## Config chaining hierarchy
+########################################
+
+# comma separated config files that override each other (files on the right override the left)
+# each should start with file: or classpath:
+# e.g. classpath:grouper.client.example.properties, file:c:/something/myconfig.properties
+grouperClient.config.hierarchy = classpath:grouper.client.base.properties, classpath:grouper.client.properties
+
+# seconds between checking to see if the config files are updated
+grouperClient.config.secondsBetweenUpdateChecks = 60
+
+########################################
+## Misc settings
+########################################
+
+# path of a writable directory where files can be created or stored
+# for example, cache of discovery configuration, or failover state
+# dot is the current directory...  note, this directory must exist
+# or it will be created (attempted)
+# if this is blank, none of these features will be used, and 
+# no files will be saved
+grouperClient.cacheDirectory = .
+
+########################################
+## Encrypted password settings
+########################################
+
+# Put a random alphanumeric string (Case sensitive) for the password encryption.  e.g. fh43IRJ4Nf5
+# or put a filename where the random alphanumeric string is.  
+# e.g. c:/whatever/key.txt
+# e.g. sdfklj24lkj34lk34
+encrypt.key = 
+
+# set this to true if you have slashes in your passwords and dont want to look in external files or unencrypt
+encrypt.disableExternalFileLookup = false 
+
+# pre grouper 2.0, the client encrypted passwords differently than the server.  Now that the client is part of the server,
+# there are more reasons to be consistent.  Change to false for pre-2.0 password encryption behavior
+encrypt.encryptLikeServer = true
+
+########################################
+## Logging
+########################################
+
+# For java.util.logging, only for the grouperClient package (not below)
+# from java java.util.logging.Level class: ALL, CONFIG, FINE, FINER, FINEST, OFF, SEVERE, WARNING 
+grouperClient.logging.grouperClientOnly.logLevel = WARNING
+
+# If you are not using log4j (will use java.util.logging, you can turn logging on which will go to stderr 
+# (if no file specified below).  This is default log level
+# from java java.util.logging.Level class: ALL, CONFIG, FINE, FINER, FINEST, OFF, SEVERE, WARNING 
+grouperClient.logging.logLevel = WARNING
+
+# If you dont want the logging to go to stderr, then put a log file location here: e.g. f:/temp/grouperClient.log
+grouperClient.logging.logFile = 
+
+# if you want ws requests and responses being logged to files, put the directory here.  
+# The grouper client will create subdirs
+grouperClient.logging.webService.documentDir = 
+
+# try to indent the xml.  If this fails for some reason, or you want the raw xml, 
+# set to false
+grouperClient.logging.webService.indent = true
+
+# if the masked password should be logged (if false, dont log anything about password)
+# the masked password will show how many chars the password is (helpful for diagnosing 
+# password encryption issues)
+grouperClient.logging.logMaskedPassword = false
+
+########################################
+## Service discovery settings
+########################################
+
+# number of minutes to remember that a connection had errors
+grouperClient.minutesToKeepErrors = 2
+
+# if you are using a discovery service, but a discovery properties
+# at a URL (preferably SSL with valid certificate)
+# you should have multiple discovery URLs hosted at independent locations
+# to add more, increment the integer
+grouperClient.urlOfDiscovery.0 = 
+grouperClient.urlOfDiscovery.1 = 
+
+# if your app has a slow startup time, and the initial connections are timing out
+# esp if you arent just using the command line client (e.g. if using it as a jar), 
+# then add more time here
+grouperClient.secondsForClassesToLoad = 20
+
+# this will save the failover state to a file so if the JVM is stopped, it 
+# will be there when it starts again.  
+# Set to 0 to store on every use (recommended if used command line)
+# or set to -1 to not store or read ever
+# grouperClient.cacheDirectory must be set
+grouperClient.saveFailoverStateEverySeconds = 60
+
+# if the failover client should use threads.  If it doesnt then you cant detect timeouts
+grouperClient.failoverClientUseThreads = true
+
+# this will cache the discovery properties in memory or on disk
+# if you want to cache the discovery properties locally, put a directory here:
+# this is recommended especially if you are using the grouper client as a command
+# line application and the process is constantly restarting
+# note, this will be used for a failsafe cache if all discovery servers are unavailable
+# grouperClient.cacheDirectory must be set
+# set to 0 or -1 to not cache
+grouperClient.cacheDiscoveryPropertiesForSeconds = 120
+
+# this is the path in the discovery server there the grouper.client.discovery.properties is
+grouperClient.discoveryGrouperClientPropertiesDirectory = 
+
+####
+## Below here are default values and override values for the discovery 
+## properties at your institution.  Note: if the override keys are there
+## with no value then it will blank out the discovery service value
+####
+
+# default urls of directory, including the base DN (distinguished name)
+# add more properties and increment the integer (.1, .2, etc)
+# e.g. ldap://server.school.edu/dc=school,dc=edu
+# e.g. ldaps://server.school.edu/dc=school,dc=edu
+grouperClient.discoveryDefault.ldap.0.url = 
+#grouperClient.discoveryOverride.ldap.0.url = 
+
+# default active/active or active/standby
+# active/active will pick a server randomly,
+# and will stick with it for as long as the affinity is set
+# active/standby will always use the first connection 
+# if no errors, then try the second one etc.
+# if a connection has more errors and has a higher priority,
+# then it will not be tried again until the 
+# takeConnectionOutOfPoolOnErrorForSeconds timeout
+# passes
+grouperClient.discoveryDefault.ldap.loadBalancing = active/active
+#grouperClient.discoveryOverride.ldap.loadBalancing = active/active
+
+# if we are active/active, then the same connection will
+# be used for a certain number of seconds.  If this is -1, then 
+# always keep the same server (unless errors)
+grouperClient.discoveryDefault.ldap.affinitySeconds = 28800
+#grouperClient.discoveryOverride.ldap.affinitySeconds = 28800
+
+# if a connection has more errors than another, it will not be
+# used until this error timeout passes (unless the other is throwing errors
+# too)
+grouperClient.discoveryDefault.ldap.lowerConnectionPriorityOnErrorForMinutes = 3
+#grouperClient.discoveryOverride.ldap.lowerConnectionPriorityOnErrorForMinutes = 3
+
+# when a connection is attempted, this is the timeout that it will use before trying
+# another connection
+grouperClient.discoveryDefault.ldap.timeoutSeconds = 30
+#grouperClient.discoveryOverride.ldap.timeoutSeconds = 30
+
+# after all connections have been attempted, it will wait for this long
+# to see if any finish
+grouperClient.discoveryDefault.ldap.extraTimeoutSeconds = 15
+#grouperClient.discoveryOverride.ldap.extraTimeoutSeconds = 15
+
+# urls of web service, should include everything up to the first resource to access
+# this is for read or write operations
+# add more properties and increment the integer (.1, .2, etc)
+# e.g. http://groups.school.edu:8090/grouper-ws/servicesRest
+# e.g. https://groups.school.edu/grouper-ws/servicesRest
+grouperClient.discoveryDefault.webService.readWrite.0.url = 
+#grouperClient.discoveryOverride.webService.readWrite.0.url = 
+
+# url of web service, should include everything up to the first resource to access
+# this is for only read operations
+# add more properties and increment the integer (.1, .2, etc)
+# e.g. http://groups.school.edu:8090/grouper-ws/servicesRest
+# e.g. https://groups.school.edu/grouper-ws/servicesRest
+grouperClient.discoveryDefault.webService.readOnly.0.url = 
+#grouperClient.discoveryOverride.webService.readOnly.0.url = 
+
+# active/active or active/standby
+# active/active will pick a server randomly,
+# and will stick with it for as long as the affinity is set
+# active/standby will always use the first connection 
+# if no errors, then try the second one etc.
+# if a connection has more errors and has a higher priority,
+# then it will not be tried again until the 
+# takeConnectionOutOfPoolOnErrorForSeconds timeout
+# passes
+grouperClient.discoveryDefault.webService.loadBalancing = active/active
+#grouperClient.discoveryOverride.webService.loadBalancing = active/active
+
+# if you want to always try read/write before readOnly (i.e. if you are
+# worried about if you make a write and read right after each other)
+grouperClient.discoveryDefault.webService.preferReadWrite = true
+#grouperClient.discoveryOverride.webService.preferReadWrite = true
+
+# if we are active/active, then the same connection will
+# be used for a certain number of seconds.  If this is -1, then 
+# always keep the same server (unless errors)
+grouperClient.discoveryDefault.webService.affinitySeconds = 28800
+#grouperClient.discoveryOverride.webService.affinitySeconds = 28800
+
+# if a connection has more errors than another, it will not be
+# used until this error timeout passes (unless the other is throwing errors
+# too)
+grouperClient.discoveryDefault.webService.lowerConnectionPriorityOnErrorForMinutes = 3
+#grouperClient.discoveryOverride.webService.lowerConnectionPriorityOnErrorForMinutes = 3
+
+# when a connection is attempted, this is the timeout that it will use before trying
+# another connection
+grouperClient.discoveryDefault.webService.timeoutSeconds = 60
+#grouperClient.discoveryOverride.webService.timeoutSeconds = 60
+
+# after all connections have been attempted, it will wait for this long
+# to see if any finish
+grouperClient.discoveryDefault.webService.extraTimeoutSeconds = 30
+#grouperClient.discoveryOverride.webService.extraTimeoutSeconds = 30
+
+
+
+####################################################################################
+####################################################################################
+#### Institutional and advanced settings
+####################################################################################
+####################################################################################
+
+#######################################
+## output templates
+#######################################
+
+webService.addMember.output = Index ${index}: success: ${resultMetadata.success}: code: ${resultMetadata.resultCode}: ${wsSubject.id}$newline$
+webService.getMembers.output = GroupIndex ${groupIndex}: success: ${resultMetadata.success}: code: ${resultMetadata.resultCode}: group: ${wsGroup.name}: subjectIndex: ${subjectIndex}: ${wsSubject.id}$newline$
+webService.deleteMember.output = Index ${index}: success: ${resultMetadata.success}: code: ${resultMetadata.resultCode}: ${wsSubject.id}$newline$
+webService.hasMember.output = Index ${index}: success: ${resultMetadata.success}: code: ${resultMetadata.resultCode}: ${wsSubject.id}: ${hasMember}$newline$
+webService.getGroups.output = SubjectIndex ${subjectIndex}: success: ${resultMetadata.success}: code: ${resultMetadata.resultCode}: subject: ${wsSubject.id}: groupIndex: ${groupIndex}: ${wsGroup.name}$newline$
+webService.groupSave.output = Success: ${resultMetadata.success}: code: ${resultMetadata.resultCode}: ${wsGroup.name}$newline$
+webService.stemSave.output = Success: ${resultMetadata.success}: code: ${resultMetadata.resultCode}: ${wsStem.name}$newline$
+webService.groupDelete.output = Index ${index}: success: ${resultMetadata.success}: code: ${resultMetadata.resultCode}: ${wsGroup.name}$newline$
+webService.stemDelete.output = Index ${index}: success: ${resultMetadata.success}: code: ${resultMetadata.resultCode}: ${wsStem.name}$newline$
+webService.getGrouperPrivilegesLite.output = Index ${index}: success: ${resultMetadata.success}: code: ${resultMetadata.resultCode}: ${objectType}: ${objectName}: subject: ${wsSubject.id}: ${wsGrouperPrivilegeResult.privilegeType}: ${wsGrouperPrivilegeResult.privilegeName}$newline$
+webService.assignGrouperPrivileges.output = Index: ${index}, success: ${resultMetadata.success}, code: ${resultMetadata.resultCode}, ${objectType}: ${objectName}, subject: ${wsSubject.id}, ${wsAssignGrouperPrivilegesResult.privilegeType}: ${wsAssignGrouperPrivilegesResult.privilegeName}$newline$
+webService.assignGrouperPrivilegesLite.output = Success: ${resultMetadata.success}: code: ${resultMetadata.resultCode}: ${objectType}: ${objectName}: subject: ${wsSubject.id}: ${wsAssignGrouperPrivilegesLiteResult.privilegeType}: ${wsAssignGrouperPrivilegesLiteResult.privilegeName}$newline$
+webService.findGroups.output = Index ${index}: name: ${wsGroup.name}, displayName: ${wsGroup.displayName}$newline$
+webService.findStems.output = Index ${index}: name: ${wsStem.name}, displayName: ${wsStem.displayName}$newline$
+webService.memberChangeSubject.output = Success: ${resultMetadata.success}: code: ${resultMetadata.resultCode}: oldSubject: ${wsSubjectOld.id}, newSubject: ${wsSubjectNew.id}$newline$
+webService.getMemberships.output = Index: ${index}: ${type}: ${ownerName}, subject: ${wsSubject.id}, list: ${wsMembership.listName}, type: ${wsMembership.membershipType}, enabled: ${wsMembership.enabled}$newline$
+webService.getSubjects.output = Index: ${index}: success: ${success}, code: ${wsSubject.resultCode}, subject: ${wsSubject.id}$newline$
+webService.getAttributeAssignments.output = Index: ${index}: attributeAssignType: ${wsAttributeAssign.attributeAssignType}, owner: ${ownerName}, attributeDefNameName: ${wsAttributeDefName.name}, action: ${wsAttributeAssign.attributeAssignActionName}, values: ${valuesString}, enabled: ${wsAttributeAssign.enabled}, id: ${wsAttributeAssign.id}$newline$
+webService.getAttributeAssignActions.output = Index: ${index}: nameOfAttributeDef: ${wsAttributeAssignActionTuple.nameOfAttributeDef}, action: ${wsAttributeAssignActionTuple.action}$newline$
+webService.assignAttributes.output = Index: ${index}: attributeAssignType: ${wsAttributeAssign.attributeAssignType}, owner: ${ownerName}, attributeDefNameName: ${wsAttributeDefName.name}, action: ${wsAttributeAssign.attributeAssignActionName}, values: ${valuesString}, enabled: ${wsAttributeAssign.enabled}, id: ${wsAttributeAssign.id}, changed: ${wsAssignAttributeResult.changed}, deleted: ${wsAssignAttributeResult.deleted}, valuesChanged: ${wsAssignAttributeResult.valuesChanged}$newline$
+webService.assignAttributesBatch.output = Index: ${assignIndex}, itemIndex: ${assignItemIndex}: attributeAssignType: ${wsAttributeAssign.attributeAssignType}, owner: ${ownerName}, attributeDefNameName: ${wsAttributeDefName.name}, action: ${wsAttributeAssign.attributeAssignActionName}, values: ${valuesString}, enabled: ${wsAttributeAssign.enabled}, id: ${wsAttributeAssign.id}, changed: ${wsAssignAttributeBatchResult.changed}, deleted: ${wsAssignAttributeBatchResult.deleted}, valuesChanged: ${wsAssignAttributeBatchResult.valuesChanged}$newline$
+webService.getPermissionAssignments.output = Index: ${index}: permissionType: ${wsPermissionAssign.permissionType}, role: ${wsPermissionAssign.roleName}, subject: ${wsPermissionAssign.sourceId} - ${wsPermissionAssign.subjectId}, attributeDefNameName: ${wsPermissionAssign.attributeDefNameName}, action: ${wsPermissionAssign.action}, allowedOverall: ${wsPermissionAssign.allowedOverall}, enabled: ${wsPermissionAssign.enabled}$newline$
+webService.assignPermissions.output = Index: ${index}: permissionType: ${permissionType}, owner: ${ownerName}, permissionDefNameName: ${wsAttributeDefName.name}, action: ${wsAttributeAssign.attributeAssignActionName}, disallowed: ${wsAttributeAssign.disallowed}, enabled: ${wsAttributeAssign.enabled}, attributeAssignId: ${wsAttributeAssign.id}, changed: ${wsAssignPermissionResult.changed}, deleted: ${wsAssignPermissionResult.deleted}$newline$
+webService.assignAttributeDefNameInheritance.output = Success: ${resultMetadata.success}: code: ${resultMetadata.resultCode}, message: ${resultMetadata.resultMessage}$newline$
+webService.attributeDefNameSave.output = Success: ${resultMetadata.success}: code: ${resultMetadata.resultCode}: ${wsAttributeDefName.name}$newline$
+webService.attributeDefNameDelete.output = Index ${index}: success: ${resultMetadata.success}: code: ${resultMetadata.resultCode}: ${wsAttributeDefName.name}$newline$
+webService.findAttributeDefNames.output = Index ${index}: name: ${wsAttributeDefName.name}, displayName: ${wsAttributeDefName.displayName}$newline$
+webService.assignAttributeDefActions.output=Index ${index}: nameOfAttributeDef: ${nameOfAttributeDef}, action: ${actionWithOperation.action}, status: ${actionWithOperation.status}$newline$
+
+#######################################
+## ldap queries
+#######################################
+
+# operation name
+ldapSearchAttribute.operationName.0 = pennnameToPennid
+ldapSearchAttribute.ldapName.0 = ou=pennnames
+ldapSearchAttribute.matchingAttributes.0 = pennname
+ldapSearchAttribute.matchingAttributeLabels.0 = pennnameToDecode
+ldapSearchAttribute.returningAttributes.0 = pennid
+ldapSearchAttribute.outputTemplate.0 = pennid: ${pennid}
+ldapSearchAttribute.resultType.0 = STRING
+
+ldapSearchAttribute.operationName.1 = pennidToPennname
+ldapSearchAttribute.ldapName.1 = ou=pennnames
+ldapSearchAttribute.matchingAttributes.1 = pennid
+ldapSearchAttribute.matchingAttributeLabels.1 = pennidToDecode
+ldapSearchAttribute.returningAttributes.1 = pennname
+ldapSearchAttribute.outputTemplate.1 = pennname: ${pennname}
+ldapSearchAttribute.resultType.1 = STRING
+
+ldapSearchAttribute.operationName.2 = hasMemberLdap
+ldapSearchAttribute.ldapName.2 = ou=groups
+ldapSearchAttribute.matchingAttributes.2 = cn, hasMember
+ldapSearchAttribute.matchingAttributeLabels.2 = groupName, pennnameToCheck
+ldapSearchAttribute.returningAttributes.2 = cn
+ldapSearchAttribute.outputTemplate.2 = hasMember: ${resultBoolean}
+ldapSearchAttribute.resultType.2 = BOOLEAN
+
+ldapSearchAttribute.operationName.3 = getMembersLdap
+ldapSearchAttribute.ldapName.3 = ou=groups
+ldapSearchAttribute.matchingAttributes.3 = cn
+ldapSearchAttribute.matchingAttributeLabels.3 = groupName
+ldapSearchAttribute.returningAttributes.3 = hasMember
+ldapSearchAttribute.outputTemplate.3 = ${resultString}$newline$
+ldapSearchAttribute.resultType.3 = STRING_LIST
+
+########################################
+## Custom operations
+## Implement the interface ClientOperation, put it in the jar
+## Increment the int index for multiples (must be in order)
+########################################
+
+#customOperation.name.0 = cosignLikeWebsec
+#customOperation.class.0 = edu.upenn.isc.grouperClient.CosignLikeWebsecOperation
+
+
+########################################
+## Authentication settings
+########################################
+
+# user prefix
+grouperClient.ldap.user.prefix = uid=
+
+# user suffix
+grouperClient.ldap.user.suffix = ,ou=entities,dc=upenn,dc=edu
+
+# config name for the ldap user name between prefix and suffix
+grouperClient.ldap.user.label = login
+
+# config name for the webService user name between prefix and suffix
+grouperClient.webService.user.label = login
+
+########################################
+## Web service settings
+########################################
+
+# web service client version
+grouperClient.webService.client.version = v2_2_000
+
+# socket timeout
+grouperClient.webService.httpSocketTimeoutMillis = 90000
+
+# connection manager timeout
+grouperClient.webService.httpConnectionManagerTimeoutMillis = 90000
+
+# ignore extraneous xml fields from server (e.g. on server upgrade, when the client isnt upgraded)
+# if you dont ignore, and there is an extraneous field which is not omitted (below), then an exception 
+# will be thrown
+grouperClient.webService.ignoreExtraneousXmlFields = true
+
+# register fields to be ignored with xstream.  this is useful if you are not
+# ignoring extraneous fields (above), but know that there are a few to be ignored
+# place them here with fully qualified classname dont property name, comma separated
+# e.g. edu.internet2.middleware.grouperClient.ws.beans.WsResponseMeta.millis, edu.internet2.middleware.grouperClient.ws.beans.WsResponseMeta.millis2
+grouper.webService.omitXmlProperties = 
+
+########################################
+## Misc
+########################################
+
+# if there are extra command line args, should we fail or just log?
+grouperClient.failOnExtraCommandLineArgs = true
+
+# you can have aliases for subjectId and subjectIdentifer in command line args 
+# (though subjectId will still be allowed, but you cant pass both)
+# if this value is pennIds, then e.g. for addMemberWs, you can use --pennIds=123,234
+# instead of --subjectIds=123,345
+grouperClient.alias.subjectIds = 
+
+# if this value is pennKeys, then e.g. for addMemberWs, you can use --pennKeys=abc,bcd
+# instead of --subjectIdentifiers=abc,bcd
+grouperClient.alias.subjectIdentifiers = 
+
+# if this value is pennId, then e.g. for getGrouperPrivilegesLite, you can use --pennId=123
+# instead of --subjectId=123
+grouperClient.alias.subjectId = 
+
+# if this value is pennKey, then e.g. for getGrouperPrivilegesLite, you can use --pennKey=abc
+# instead of --subjectIdentifiers=abc
+grouperClient.alias.subjectIdentifier = 
+
+# if this value is PennId, then e.g. for addMemberWs, you can use --actAsPennId=123
+# instead of --actAsSubjectId=abc,bcd
+grouperClient.alias.SubjectId = 
+
+# if this value is PennKey, then e.g. for addMemberWs, you can use --actAsPennKey=abc
+# instead of --actAsSubjectIdentifier=abc
+grouperClient.alias.SubjectIdentifier = 
+
+# the encoding used to read config files
+grouperClient.config.encoding = UTF-8
+
+# this should probably be changed to UTF-8 for international charsets... for US it can be: ISO-8859-1
+grouperClient.default.fileEncoding = UTF-8
+
+# to not require valid SSL, use: edu.internet2.middleware.grouperClient.ssl.EasySslSocketFactory
+grouperClient.https.customSocketFactory = 
+
+# to not require valid SSL, use: edu.internet2.middleware.grouperClient.ssl.BlindSslSocketFactory
+grouperClient.ldaps.customSocketFactory = 
+
+
+##############################
+## Kuali Identity settings
+##############################
+
+kuali.identity.source.0 = jdbc
+kuali.identity.nameAttribute.0 = name
+kuali.identity.identifierAttribute.0 = loginid
+
+# separate a sourceId from a subjectId or sourceId
+kuali.identity.sourceSeparator = ::::
+
+
+########################################
+## JDBC settings
+########################################
+
+# default database connection name
+grouperClient.jdbc.defaultName = default
+
+# the part between jdbc. and the last . is the name of the connection, in this case "default"
+# e.g. mysql:           com.mysql.jdbc.Driver
+# e.g. p6spy (log sql): com.p6spy.engine.spy.P6SpyDriver
+#   for p6spy, put the underlying driver in spy.properties
+# e.g. oracle:          oracle.jdbc.driver.OracleDriver
+# e.g. hsqldb:          org.hsqldb.jdbcDriver
+# e.g. postgres:        org.postgresql.Driver
+# e.g. mssql:           com.microsoft.sqlserver.jdbc.SQLServerDriver
+grouperClient.jdbc.default.driver = oracle.jdbc.driver.OracleDriver
+
+# e.g. mysql:           jdbc:mysql://localhost:3306/grouper
+# e.g. p6spy (log sql): [use the URL that your DB requires]
+# e.g. oracle:          jdbc:oracle:thin:@server.school.edu:1521:sid
+# e.g. hsqldb (a):      jdbc:hsqldb:dist/run/grouper;create=true
+# e.g. hsqldb (b):      jdbc:hsqldb:hsql://localhost:9001/grouper
+# e.g. postgres:        jdbc:postgresql://localhost:5432/database
+# e.g. mssql:           jdbc:sqlserver://localhost:3280
+grouperClient.jdbc.default.url = jdbc:oracle:thin:@server.school.edu:1521:sid
+grouperClient.jdbc.default.user = some_schema
+grouperClient.jdbc.default.pass = abc123
+
+
+
+################################
+## AWS settings
+################################
+
+# sqs settings
+grouperClient.awsAccessKey = ABC123
+grouperClient.awsSecretKey = xyz789
+grouperClient.awsSqsQueueUrl = https://sqs.region.amazonaws.com/1234/queue_name
+
+
+################################
+## ESB settings
+################################
+
+## if you want to encrypt messages, set this to an implementation of edu.internet2.middleware.grouperClient.encryption.GcEncryptionInterface
+esb.consumer.encryptionImplementation = edu.internet2.middleware.grouperClient.encryption.GcSymmetricEncryptAesCbcPkcs5Padding
+## this is a key or could be encrypted in a file as well like other passwords
+## generate a key with: java -cp grouperClient.jar edu.internet2.middleware.grouperClient.encryption.GcGenerateKey 
+## number these if there are multiple
+#esb.consumer.encryptionKey.0 = abc123
+
+
+################################
+## XMPP client settings
+## Note: you need the smack.jar in your classpath, see the grouper xmpp wiki for usage
+## https://spaces.internet2.edu/display/Grouper/Grouper+XMPP+notifications+v1.6.0
+################################
+
+
+## general xmpp configuration
+grouperClient.xmpp.server.host = jabber.school.edu
+grouperClient.xmpp.server.port = 5222
+grouperClient.xmpp.user = username
+# note, pass can be in an external file with morphstring
+grouperClient.xmpp.pass = 
+grouperClient.xmpp.resource = grouperClient
+# note, you need the exact id and resource here or it wont match
+grouperClient.xmpp.trustedMessagesFromJabberIds = user@school.edu/resource, user2@school.edu/resource2
+
+# if true, then each quartz trigger name will be unique
+# do this for atlassian since it doesnt do quartz right, and wont delete or reuse old triggers
+grouperClient.xmpp.uniqueQuartzTriggerNames = false
+
+# if true, send this to smack, if we should debug.  not sure if it does anything
+grouperClient.xmpp.debuggerEnabled = false
+
+grouperClient.xmpp.job.myJobName.groupNames = test:xmppGroups:test1
+grouperClient.xmpp.job.myJobName.allowIncrementalNotInGroupNamesList = false
+grouperClient.xmpp.job.myJobName.handlerClass = edu.internet2.middleware.grouperClientExt.xmpp.GrouperClientXmppFileHandler
+# set this to reload_group or incremental if not reload on each event
+grouperClient.xmpp.job.myJobName.eventAction = incremental
+# how often a full refresh should occur regardless of events
+grouperClient.xmpp.job.myJobName.fullRefreshQuartzCronString = 0 0 5 * * ?
+grouperClient.xmpp.job.myJobName.fileHandler.targetFile = c:/temp/targetFile.txt
+grouperClient.xmpp.job.myJobName.fileHandler.filePrefix = c:/temp/filePrefix.txt
+grouperClient.xmpp.job.myJobName.fileHandler.iteratorEl = ${subject.attribute['pennname']}$space$
+grouperClient.xmpp.job.myJobName.fileHandler.fileSuffix = c:/temp/fileSuffix.txt
+grouperClient.xmpp.job.myJobName.subjectAttributeNames = pennname
+# subjects wont notify in not in these sources, comma separated, or blank for all
+grouperClient.xmpp.job.myJobName.requireSources = pennperson
+# subjects wont notify if they dont have a non blank value for these attributes, or blank for all
+grouperClient.xmpp.job.myJobName.requireAttributes = pennname
+
+

http://git-wip-us.apache.org/repos/asf/airavata/blob/4766b37c/modules/group-manager/src/main/resources/grouper.hibernate.base.properties
----------------------------------------------------------------------
diff --git a/modules/group-manager/src/main/resources/grouper.hibernate.base.properties b/modules/group-manager/src/main/resources/grouper.hibernate.base.properties
new file mode 100755
index 0000000..7070b17
--- /dev/null
+++ b/modules/group-manager/src/main/resources/grouper.hibernate.base.properties
@@ -0,0 +1,120 @@
+#
+# Copyright 2014 Internet2
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+#
+# Grouper Hibernate Configuration
+# $Id: grouper.hibernate.example.properties,v 1.9 2009-08-11 20:18:09 mchyzer Exp $
+#
+
+# The grouper hibernate config uses Grouper Configuration Overlays (documented on wiki)
+# By default the configuration is read from grouper.hibernate.base.properties
+# (which should not be edited), and the grouper.hibernate.properties overlays
+# the base settings.  See the grouper.hibernate.base.properties for the possible
+# settings that can be applied to the grouper.hibernate.properties
+
+########################################
+## Config chaining hierarchy
+########################################
+
+# comma separated config files that override each other (files on the right override the left)
+# each should start with file: or classpath:
+# e.g. classpath:grouper.hibernate.base.properties, file:c:/temp/myFile.properties
+grouper.hibernate.config.hierarchy = classpath:grouper.hibernate.base.properties, classpath:grouper.hibernate.properties
+
+# seconds between checking to see if the config files are updated
+grouper.hibernate.config.secondsBetweenUpdateChecks = 60
+
+########################################
+## DB settings
+########################################
+
+# e.g. mysql:           jdbc:mysql://localhost:3306/grouper
+# e.g. p6spy (log sql): [use the URL that your DB requires]
+# e.g. oracle:          jdbc:oracle:thin:@server.school.edu:1521:sid
+# e.g. hsqldb (a):      jdbc:hsqldb:dist/run/grouper;create=true
+# e.g. hsqldb (b):      jdbc:hsqldb:hsql://localhost:9001/grouper
+# e.g. postgres:        jdbc:postgresql://localhost:5432/database
+# e.g. mssql:           jdbc:sqlserver://localhost:3280;databaseName=grouper
+hibernate.connection.url = jdbc:hsqldb:hsql://localhost:9001/grouper
+
+hibernate.connection.username         = sa
+# If you are using an empty password, depending upon your version of
+# Java and Ant you may need to specify a password of "".
+# Note: you can keep passwords external and encrypted: https://bugs.internet2.edu/jira/browse/GRP-122
+hibernate.connection.password         = 
+
+################  BELOW HERE YOU GENERALLY DO NOT NEED TO CHANGE ####################
+
+# Leave blank to autodetect based on URL, or specify
+# Hibernate3.  
+# e.g. org.hibernate.dialect.Oracle10gDialect, org.hibernate.dialect.HSQLDialect
+# e.g. org.hibernate.dialect.PostgreSQLDialect ,org.hibernate.dialect.MySQL5Dialect
+# e.g. org.hibernate.dialect.SQLServerDialect
+hibernate.dialect               = 
+
+# see http://ehcache.org/documentation/user-guide/hibernate#Configure-Ehcache-as-the-Second-Level-Cache-Provider
+# Hibernate 3.0 - 3.2
+# hibernate.cache.provider_class  = org.hibernate.cache.EhCacheProvider
+# Hibernate 3.3+
+hibernate.cache.region.factory_class = net.sf.ehcache.hibernate.EhCacheRegionFactory
+
+
+#
+# Generic Hibernate Configuration
+#
+
+hibernate.cache.use_query_cache       = true
+
+# leave blank to autodetect based on URL
+# e.g. mysql:           com.mysql.jdbc.Driver
+# e.g. p6spy (log sql): com.p6spy.engine.spy.P6SpyDriver
+#   for p6spy, put the underlying driver in spy.properties
+# e.g. oracle:          oracle.jdbc.driver.OracleDriver
+# e.g. hsqldb:          org.hsqldb.jdbcDriver
+# e.g. postgres:        org.postgresql.Driver
+# e.g. mssql:           com.microsoft.sqlserver.jdbc.SQLServerDriver
+hibernate.connection.driver_class = 
+
+
+hibernate.connection.autocommit       = false
+
+# Use c3p0 connection pooling (since dbcp not supported in hibernate anymore)
+# http://www.hibernate.org/214.html, http://www.hibernate.org/hib_docs/reference/en/html/session-configuration.html
+hibernate.c3p0.max_size 16
+hibernate.c3p0.min_size 0
+#seconds
+hibernate.c3p0.timeout 100
+hibernate.c3p0.max_statements 0
+hibernate.c3p0.idle_test_period 100
+hibernate.c3p0.acquire_increment 1
+hibernate.c3p0.validate false
+
+#What to do if there are connection problems - see http://www.mchange.com/projects/c3p0/index.html#configuration_properties
+#These settings are designed to cause exceptions sooner rather than later so end users are not left with a hanging UI. Once the database
+#is available again a connection will be made witout further intervention
+#If tou get intermittent connection problems in the UI even though the database is OK try increasing the max_size setting above and
+#tune the settings below
+hibernate.c3p0.acquireRetryAttempts=2
+hibernate.c3p0.acquireRetryDelay=500
+hibernate.c3p0.checkoutTimeout=30000
+
+hibernate.jdbc.use_streams_for_binary = true
+
+hibernate.max_fetch_depth             = 1
+
+hibernate.show_sql                    = false
+
+hibernate.jdbc.batch_size 20

http://git-wip-us.apache.org/repos/asf/airavata/blob/4766b37c/modules/group-manager/src/main/resources/grouper.hibernate.properties
----------------------------------------------------------------------
diff --git a/modules/group-manager/src/main/resources/grouper.hibernate.properties b/modules/group-manager/src/main/resources/grouper.hibernate.properties
new file mode 100755
index 0000000..36fa66d
--- /dev/null
+++ b/modules/group-manager/src/main/resources/grouper.hibernate.properties
@@ -0,0 +1,10 @@
+hibernate.connection.url = jdbc:mysql://gw62.iu.xsede.org:3306/grouper
+
+hibernate.connection.username         =airavata_grouper_client
+# If you are using an empty password, depending upon your version of
+# Java and Ant you may need to specify a password of "".
+# Note: you can keep passwords external and encrypted: https://bugs.internet2.edu/jira/browse/GRP-122
+hibernate.connection.password         =airavata_grouper_client
+
+hibernate.cache.use_second_level_cache=true
+hibernate.cache.region.factory_class=org.hibernate.cache.ehcache.EhCacheRegionFactory
\ No newline at end of file


Mime
View raw message